NEW ZEALAND

Privacy Policy

Sanofi-aventis Australia Pty Ltd trading as Sanofi, Sanofi Genzyme and Sanofi Pasteur, Sanofi-aventis Healthcare Pty Ltd, and Sanofi-aventis New Zealand Limited, (together referred to as “Sanofi”) are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) for Australia and the Privacy Principles contained in the Privacy Act 1993 for New Zealand (together referred to as the “Principles”). The Principles define personal information as information or an opinion relating to an individual which can be used to identify that individual (such as name, address, telephone number, email address), and are designed to protect the confidentiality of personal information and the privacy of individuals by regulating the way personal information is managed.

Sanofi recognises the importance of your privacy and understands that the security of your personal information is important to you. We are committed to protecting the personal information you provide to us. This privacy policy (“Privacy Policy” or “Policy”) outlines how we manage your personal information and protect your privacy.

This Policy does not apply to third party websites to which Sanofi’s website might be linked where Sanofi does not control the privacy practices of such resources. If you choose to enter such a linked website, you agree that Sanofi is not responsible for the availability of such website and does not review or endorse and shall not be liable, directly or indirectly, for how those websites or mobile applications manage your personal information.

1. Collection of personal information

a. Consumers and Patients

Sanofi obtains personal information from patients and members of the public in various ways including in writing, the internet, social media and through telephone enquiries. The type of information Sanofi collects includes a person's name, address and contact details, and information relating to the enquiry. Sanofi may also collect information about a patient or consumer's current and past medical status, such as medications being taken, the names of a patient’s healthcare providers, medical procedures undergone and other information that is reasonably required to properly respond to an enquiry.

Collecting this personal information is necessary to enable Sanofi to deal with the enquiry and may be necessary to allow us to meet any legal obligations.

On occasions, health professionals disclose personal and health information about themselves and their patients to Sanofi when it is considered necessary in relation to the treatment of a patient.

b. Patient Support and Information Programs

If a patient or consumer chooses to participate in a patient support or information program, this Privacy Policy, in particular, “Consumers and Patients” detailed above, will apply with respect to personal information made available to Sanofi. Please be advised that Sanofi outsources some of these programs to independent contractors. These contractors are required to adhere to the privacy laws and this Privacy Policy with respect to all personal and health information provided to them. Generally, Sanofi does not have access to the personal information given to these independent contractors for patient support programs.

c. Healthcare Professionals and their Employees

Sanofi collects personal information about healthcare professionals and their employees or assistants, such as doctors and pharmacists, who prescribe and dispense Sanofi products, to enable it to deal with those health professionals.

d. Websites

When you look at a Sanofi operated website, the Internet Service Provider of our parent company located in France makes a record of your visit and logs the following information for statistical purposes:

your server address;

your top level domain name (for example .com, .gov, .au, .uk etc);

the pages you accessed and documents downloaded;

the previous site you have visited; and

the type of browser you are using.

Sanofi will not make an attempt to identify users or their browsing activities. However, in the unlikely event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect our parent company’s Internet Service Provider's logs.

Sanofi will only record your e-mail address if you send us a message. Your e-mail address will only be used or disclosed for the purpose for which you have provided it and it will not be added to a mailing list or used or disclosed for any other purpose without your consent.

Google Analytics Demographics and Interest Reporting have been enabled on some Sanofi operated website and as a result personal information about users such as age, gender and interests may be collected. Such information will only be used or disclosed for the purpose of better understanding users and identify how experience and interaction can be improved and will not be used or disclosed for any other purpose without your consent.

e. Information Collected from Clinical Trials

At times patients may participate in clinical trials of pharmaceutical or consumer products in order to further research and development of certain drugs or health services. In doing so, patients may provide personal information to the doctor or investigator conducting the clinical trial.

However, personal and health information collected by doctors and investigators conducting clinical trials is not generally provided to Sanofi. Sanofi receives the information relating to a clinical trial patient's health and pharmaceutical needs in a de-identified form. Personal information such as the patient's name and address is not provided to Sanofi.

On occasions people employed by Sanofi, or contractors working on behalf of Sanofi, may access this personal information at the source of collection for the purpose of verifying data.

Sanofi collects personal information about the doctors and investigators conducting clinical trials and people who assist them. In general, the type of information Sanofi collects includes the name, address, telephone details, field of expertise, position, role in study and qualifications and includes information provided on Curricula Vitae and Financial Disclosure Forms. Sanofi may use such information worldwide to pursue its business. In particular, Sanofi is required to obtain comprehensive information about potential or actual investigators in order to maintain quality clinical trials and consistently meet global regulatory and compliance guidelines. Some of the information collected may be stored and used overseas.

f. Adverse Event Reporting

Sanofi may collect personal information for the purpose of maintaining a record of medical queries, complaints and adverse event reports relating to our products and reporting these to relevant regulatory bodies, related companies or other companies which market the same product as may be required or prudent.

3. Disclosure

Sanofi may disclose personal information to third parties, including its associated companies, within or outside of Australia or New Zealand, including but not limited to: France, USA, Singapore and Japan to help Sanofi improve its pharmaceutical, consumer healthcare, rare diseases and vaccine products and health services. Sanofi may also disclose personal information to a related company in Malaysia for the purposes of processing invoices and accounts.

The circumstances in which we may disclose your personal information includes but is not limited to:

where we notified you at the time of supply of the personal information to us or it is expressly permitted under any agreement;

where it is necessary to provide you with a service or goods which you have requested;

where required for the ordinary operation of our business (for example, to send you information about our goods and services);

where it is necessary for support services to be provided in relation to our business activities (please note that such disclosures will only be to people and entities required to meet the same standards of data protection and are prevented from using the information for their own marketing purposes);

where we consider the law requires it, or in response to any demand by law enforcement authorities;

Regulatory authorities (such as the Therapeutic Goods Administration, Medsafe New Zealand and State and Territory drug and health authorities) where we are required to provide your personal information to the particular authority;

Third parties that we use in the ordinary operation of our business, such as for conference organising, marketing, data processing and associated printing and mailing. For example, it may also be provided to Clinical Research Organisations for the purposes of medical research. We will only provide your personal information to reputable third parties and then only on a confidential basis where we are satisfied that those third parties will similarly comply with the Principles and the Privacy Policy. These activities may involve the transfer of your personal information overseas as described above;

Companies related to us for the same kinds of purposes as listed above. Any use and disclosure by the related company will be in compliance with the Principles and the Privacy Policy;

Another company for the purpose of ensuring continuity of product supply and/or service if the supply of the product or service has been transferred to that company; and

Such third parties otherwise permitted or required by law.

Generally, we require that organisations outside of Sanofi who handle or obtain personal information as service providers to Sanofi acknowledge the confidentiality of this information, undertake to respect an individual’s right to privacy and comply with the Principles and this Policy.

In most cases, if you do not provide information about yourself which Sanofi has requested, Sanofi may not be able to provide you with the relevant service or information required.

4. Sensitive information is subject to greater restrictions

Some personal information collected by Sanofi is considered “sensitive”. Sensitive information which Sanofi may collect includes a person’s state of health and medical history.

The Principles require that sensitive information is used and disclosed only for the purposes for which it was provided, or a directly related secondary purpose, unless you agree otherwise or for other specific reasons such as if the use or disclosure of this information is required by law or to prevent a serious and imminent threat to life or health of an individual.

5. Data breach

Where a suspected data breach has occurred, Sanofi will act in accordance with its data breach response plan. In the event that Sanofi has determined that an “eligible data breach” has occurred, Sanofi will report it to the Office of the Australian Information Commissioner and the affected individual(s).

6. Management and security of personal information

Sanofi has appointed a Privacy Officer to oversee Sanofi’s management of personal information in accordance with this Policy and the Principles.

All personal information that is collected is held electronically on password protected systems. Personal information is only accessible by persons that require access to that information to carry out their work. Sanofi has directed its staff that personal information must be dealt with in accordance with this Policy and kept secure from unauthorised access or disclosure.

7. Enquiries

If you have questions about Sanofi, its privacy practices or this Privacy Policy, wish to provide feedback about this Policy, would like to update your personal details held by Sanofi or wish to access personal information held by Sanofi about you, please contact Sanofi using the contact details below.

Your request should detail your name, contact details, your former name or alias, if any, and the information you believe we may hold on you. You do not have to provide a reason for requesting access. Where we hold information that you are entitled to access, we will endeavour to provide you with a suitable range of choices as to how you may access it (e.g. emailing or mailing it to you). In any event we will acknowledge receipt of request within 10 working days and endeavour to respond to your request within 30 days.

If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you may request we amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information we hold stating that you disagree with it.

8. How to complain about a privacy breach and how will Sanofi deal with such a complaint

If you believe that Sanofi has breached the Principles you may complain in writing to our Privacy Officer (see contact details below). Sanofi will respond within thirty (30) days and will use its best endeavour to resolve the issue.